Loading
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Identity Verification Overview

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Identity Verification Overview

            Identity verification is when a user provides evidence, called a verification method, to confirm they’re the true owner of an account. Users verify their identity to gain certain access privileges in Salesforce, such as logging in, activating a new device, or viewing a sensitive resource. Depending on the use case, identity verification is referred to as multi-factor authentication (MFA), device activation, or step-up authentication.

            Required Editions

            Available in: all editions

            Review the three forms of identity verification.

            • Multi-factor authentication (MFA)

              MFA is contractually required when accessing Salesforce products, whether through direct logins or single sign-on (SSO). To help customers satisfy this requirement, MFA is automatically enabled for direct logins to production orgs. With MFA, users must provide a verification method in addition to their Salesforce username and password.

            • Device activation

              Users provide a verification method when logging in to Salesforce from an unrecognized device. Note that when MFA is enabled, device activation no longer applies because users must verify their identity regardless of whether their device is recognized.

            • Step-up authentication

              Users provide a verification method when taking an action that requires raising their session security level. For example, a user with a standard session security level must verify their identity before accessing a resource that requires a high-assurance session security level. Note that MFA gives users a high-assurance session each time they log in, so if MFA is enabled, step-up authentication no longer applies. Learn more about requiring high-assurance session security.

            See which verification methods can be used for MFA, device activation, and step-up authentication.

            Verification Method Description Multi-Factor Authentication Device Activation Step-Up Authentication
            Salesforce Authenticator A mobile app that sends a user push notifications or generates time-based one-time passwords (TOTP). Checkmark Checkmark Checkmark
            Built-In Authenticator

            A biometric reader that’s built into a user’s device.

            *You can enable or disable this method in Identity Verification Setup.

            		 Checkmark Checkmark Checkmark
            U2F or WebAuthn Security Key

            A physical security key that a user inserts into their device.

            *You can enable or disable this method in Identity Verification Setup.

            		 Checkmark Checkmark Checkmark
            Time-Based One-Time Password Generator App A third-party app that generates time-based one-time passwords (TOTP). Checkmark Checkmark Checkmark
            Temporary Verification Code A temporary verification code that you generate and give to a user. Checkmark    
            SMS One-Time Passcode A temporary verification code sent to a user via text (SMS). Available as an MFA method for external users only Checkmark  
            Email Verification Link A verification link sent to a user via email.   Checkmark  

            See Also

             
            Loading
            Salesforce Help | Article